I'm curious about two things you state below:
First, you state that runmqlsr is the preferred mode of listener execution over inetd on systems that support inetd. On what information or documentation do you base that assertion?
Second, I agree that SVRCONN channels CAN present a security issue. However, since the default SVRCONN channel definition contains NO MCA userid, and thus MOST SYSTEM.ADMIN.SVRCONN channels will be defined similarly, this would mean that users connecting to this channel would run under their own authority. If their userid is not defined as a member of the mqm group on the system being administered, they won't even get connected to the queue manager. Please enlighten me further if my understanding is incorrect.
"Wyatt, T Rob" <[EMAIL PROTECTED]>
Sent by: MQSeries List <[EMAIL PROTECTED]> 09/10/2004 08:29 AM
|
|
Jitender,
To remotely administer any QMgr you need a few things.
First, the Command Server needs to be running. Use the strmqcsv command to get it going. It reads messages off of the SYSTEM.ADMIN.COMMAND.QUEUE which is a default object when you create the QMgr.
Next, you need a SVRCONN channel so your remote admin tool can connect to the QMgr. Some use the default SYSTEM.DEFAULT.SVRCONN. Windows MMC uses a different one. Check the doc of the tool you want to use for the name it expects or a way to set the name as a parameter. It is recommended not to use the default channel because any new SVRCONN channels will inherit their settings from it. Better to disable the default channel and explicitly define one with exactly the parameters you want. More on this in the last paragraph.
Finally, you need a listener or inetd configuration so the remote tool can connect to the SVRCONN. In a modern QMgr, the listener is the preferred method. To start a listener in the background, try something like...
nohup runmqlsr -m YOURQMGR -t tcp -p 1414 2>&1 &
This will start a listener on port 1414 which is the default. If you want to monitor the incoming connections, dedicate a telnet session to a listener and just run it in the foreground...
runmqlsr -m YOURQMGR -t tcp -p 1414
This will show you any activity picked up by the listener.
Please keep in mind that any SVRCONN channel will by default allow anyone to connect with administrative rights. If you want to administer Production systems, look into securing the channel. There is a free channel exit developed and hosted by Jorgen Pederson with considerable input from members of this list server and is quite functional. Check it out at http://www.mrmq.dk/index.htm?BlockIP.htm Lock down any SVRCONN channels you are not using (like SYSTEM.*.SVRCONN) by setting the MCAUSER to 'nobody' or other non-existent ID.
Hope that helps.
-- T.Rob
- -----Original Message-----
From: MQSeries List [mailto:[EMAIL PROTECTED]]On Behalf Of Jitender Bhatia
Sent: Friday, September 10, 2004 7:14 AM
To: [EMAIL PROTECTED]
Subject: Re: Basic Info ! ( Re: MMC/Any GUI for administering MQ on AIX)
In general what needs to be done on AIX MQ to allow for any kind of remote administration ?
I have only created a Queue Manager and Queue. I have no channels or set any special property on Queue Manager.
I think this fact is preventing me from using any UI to remotely manage Queue Manager.
I am not able to use this MQJExplorer (http://www.kolban.com/mqjexplorer/), as it seems to be looking for a library :
Exception in thread "main" java.lang.UnsatisfiedLinkError: Can't find library mq
jbnd02 (libmqjbnd02.a or .so) in java.library.path
I have /usr/mqm/java/lib defined in LIBPATH env variable.
but there i do not see any libmqjbnd02.a
instead i see following files there
libMQXAi02.so
libmqjbdf02.so
libmqjbnd05.so
Thankls
-----Original Message-----
From: Bender, Alan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 09, 2004 6:35 PM
To: [EMAIL PROTECTED]
Subject: Re: MMC/Any GUI for administering MQ on AIX
- I ran across MQJexplorer a few weeks back. It is pure java and works with most all platforms. You should check it out.
http://www.kolban.com/mqjexplorer/
- -----Original Message-----
From: MQSeries List [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Davidson
Sent: Thursday, September 09, 2004 7:54 AM
To: [EMAIL PROTECTED]
Subject: Re: MMC/Any GUI for administering MQ on AIX
MO71 is a great tool for administering MQ. Here's the URL:
http://www-1.ibm.com/support/docview.wss?rs=203&uid=swg24000142&loc=en_US&cs=utf-8&lang=en
Mike Davidson
TSYS MQ Tech Support
IBM Certified System Administrator - WebSphere MQ V5.3
IBM Certified Solution Designer - WebSphere MQ V5.3
[EMAIL PROTECTED]
|
|
Sent by: MQSeries List <[EMAIL PROTECTED]> 09/09/2004 08:27 AM Please respond to MQSeries List |
To: [EMAIL PROTECTED] cc: Subject: MMC/Any GUI for administering MQ on AIX |
Hello,
I am relatively new to MQ.
I have MQ Series setup on AIX box.
Now, i want a way to administer it from my windows box by using some kind of GUI.
I have MMC on my windows box that i am able to use to administer MQ Series on my local desktop.
Can i use it to connect to MQ Series on AIX box to administer it. How ? I am not able to figure this out.
Any other ideas on what kind of UI i can use for this purpose ? A Java UI running on AIX is ok too.
Thanks
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
The information contained in this communication (including any attachments hereto) is confidential and is intended solely for the personal and confidential use of the individual or entity to whom it is addressed. The information may also constitute a legally privileged confidential communication. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error and that any review, dissemination, copying, or unauthorized use of this information, or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. Thank you
<<inline: graycol.gif>>
<<inline: pic28145.gif>>
<<inline: ecblank.gif>>
